..what Tom said.. ;-)

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/pages/author_index.asp?aut=3
http://isatools.org
Read the help, books and articles!

----- Original Message -----
From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, January 14, 2003 10:21
Subject: [isalist] Re: How BAD is SQL on ISA?

http://www.ISAserver.org

Hi Jim, et al.,

SQL logging puts a considerable performance hit on the server, and if you're hosting the database on the ISA Server itself, you may hit the glass ceiling :-)

Tom

Thomas W Shinder
www.isaserver.org/shinder
http://tinyurl.com/1jq1
http://tinyurl.com/1llp

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Tuesday, January 14, 2003 11:44 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: How BAD is SQL on ISA?

Generally speaking, stick to your "least privileges" concept; you can't go wrong there. Perf, vulnerabilities and user rights become harder to control when you have multiple users accessing your firewall; even if only for SQL usage.

If $$ pushes you into that train track of thought, then make sure you:

1. set a strong password for the "sa" account and control database access permissions with an iron fist
2. don't provide direct access to the SQL admin account from outside (no direct SQL calls); no PF for SQL access!
3. remove any master-db SP and XP that you don't need for normal SQL operations; many vulnerabilities have been found therein.
4. No one, but NO ONE except the server admin gets administrative access to the SQL services!

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/pages/author_index.asp?aut=3
http://isatools.org
Read the help / books / articles!
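
Added example (not part of the original thread or written by its participants): a read-only T-SQL audit covering items 1, 3 and 4 of the checklist above. It assumes a SQL Server 2000-era instance, where the master database exposes the syslogins, sysobjects and sysprotects system tables, and a session running as the server admin.

```sql
-- Added example; read-only checks, nothing is modified.
-- Assumption: SQL Server 2000-era system tables in master.
USE master
GO

-- Item 1: SQL logins (not Windows accounts) that have no password set.
-- Any row here, "sa" above all, needs a strong password.
SELECT name AS login_with_blank_password
FROM   dbo.syslogins
WHERE  isntname = 0
  AND  password IS NULL
GO

-- Item 4: members of the sysadmin server role.
-- Expect the server admin and nobody else.
EXEC sp_helpsrvrolemember 'sysadmin'
GO

-- Item 3: extended stored procedures registered in master.
-- Compare against what normal SQL operations on this box require.
SELECT name AS extended_proc
FROM   dbo.sysobjects
WHERE  xtype = 'X'
ORDER  BY name
GO

-- Item 3, continued: master-db SPs and XPs that every login can run,
-- i.e. EXECUTE granted to the "public" role.
SELECT o.name  AS procedure_name,
       o.xtype AS object_type        -- 'X' = extended proc, 'P' = stored proc
FROM   dbo.sysprotects p
JOIN   dbo.sysobjects  o ON o.id = p.id
WHERE  p.uid = 0                     -- 0 = public
  AND  p.action = 224                -- 224 = EXECUTE
  AND  p.protecttype IN (204, 205)   -- GRANT WITH GRANT OPTION, GRANT
  AND  o.xtype IN ('X', 'P')
ORDER  BY o.xtype, o.name
GO
```

Item 2 is not covered here because it is enforced in the ISA publishing rules rather than inside SQL Server.
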
----- Original Message -----
From: "William Robertson" <robertson.william@xxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, January 14, 2003 02:11
Subject: [isalist] How BAD is SQL on ISA?

Hi there

I live in a principle of least privileges and so I do not install anything on my ISA Server which is not absolutely CRUCIAL to the survival of my Firewalling Strategy. However, I have been considering the option to start logging all ISA requests to a SQL Database as opposed to flat files which is currently the default logging method. If I was to do this then I would like to keep the ISA Firewall independent of any other server and as a result I would need to install SQL Server onto my ISA Firewall.

What I would like to know is this:

1) Is it at all a good idea to install a product such as SQL Server onto my ISA Firewall?
2) How robust is ISA when it comes to logging to a SQL Database as opposed to the flat files?
3) How will it impact any Server Publishing rules that I have already created on port 1433 (SQL Server)?

Cheers
William R.

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')